PFSense - Suricata - Create a custom HOME_NET

PFSense - Suricata - Create a custom HOME_NET

You have to first create a Pass List on the PASS LIST tab.

Then on the INTERFACE SETTINGS tab for the interface you want to set a custom HOME_NET for, choose the Pass List you created in the drop-down (the one that probably says “default” right now).

Create a Firewall Alias

Navigate to Firewall → Aliases.

Put all the remote networks and IP addresses (excepting locally-attached addresses on the firewall itself) that you want to be in HOME_NET in that alias.

TIP: Remember that on pfSense you can nest aliases (so you can put an alias in another alias).

Create a Suricata Passlist

Navigate to Services → Suricata → Pass Lists.

Click Add.
- Name the list something with HOME_NET in it just to help you identify it in the future.
- You probably want to leave all the defaults in the new list.
- Aligned Alias: Type the the name of the alias created earlier.
Click Save.

Apply Passlist

Navigate to Services → Suricata → Interfaces.

Select the specific Interface you want to modify.

In Networks Suricata Should Inspect and Protect:

Pass List: Click the drop-down and select the Pass List you created earlier.

Click Save.

Restart Suricata on the interface.

References

https://forum.netgate.com/topic/136729/suricata-cannot-change-home-net-list/9

Table of Contents

PFSense - Suricata - Create a custom HOME_NET

Create a Firewall Alias

Create a Suricata Passlist

Apply Passlist

References